Plan Quantum-Safe Migrations Now to Avoid These 4 Pitfalls

The quantum computing reality is drawing nearer: the day, variously called Y2Q, Quantum Day, or Q-Day, when quantum computers will be able to break the public-key cryptography that currently safeguards most of the internet and the critical applications we rely on. As a result, it is becoming increasingly urgent for organizations to begin their quantum-safe planning and migration efforts now to ensure the continued integrity of their cybersecurity defences.

The Global Risk Institute publishes an annual Quantum Threat Timeline Report that provides best estimates for the arrival of a Cryptographically Relevant Quantum Computer (CRQC), a computer that can run quantum algorithms to crack today’s (classical) cryptography. Specifically, the report estimates the likelihood, at different points over the next thirty years, that a quantum computer able to break the RSA-2048 cryptosystem within 24 hours will have emerged. Among the report’s conclusions is that there is a substantial likelihood this could happen within the next 10 years. The authors state, "The risk aversion/appetite of companies and institutions can vary significantly, but for critical systems, such estimated likelihoods represent a serious concern." This report is a must-read for organizations’ risk management teams.

Researchers at IBM caution that Q-Day is sooner than we think, stating, "The rapid advancements and the merging of hybrid quantum-classical computing, artificial intelligence (AI), machine learning (ML), and deep learning (DL) pose a potentially unseen and significant threat to encryption that may impact post-quantum cryptography (PQC) transition timelines." Read the manuscript, "Advancements in Quantum Computing and AI May Impact PQC Migration Timelines", for more information.

Performing a quantum-safe migration is required for securing your organization in the future. Yet, preparing for Q-Day and beyond doesn’t need to be overwhelming, especially if organizations start acting now. Starting migration planning now is essential to ensuring it goes as smoothly as possible. Conversely, delaying your migration will likely cause you a lot of headaches, and a lot of unnecessary costs, down the road. History tells us that any type of IT modernization is time-intensive and requires careful planning — consider Zero Trust or Y2K. Start your quantum-safe migration now to avoid these 4 pitfalls:

  • Rushed migrations. Haste makes waste. Waiting too long to begin migration planning can lead to rushed efforts, resulting in errors, unnecessary expenditures, conflicts, and incomplete solutions that miss critical infrastructure components. This haste can cause operational downtime and may activate Business Continuity/Disaster Recovery (BC/DR) plans, which are always costly and undesirable.
  • Negative consequences of prolonged outages. Business outages due to migration issues can lead to SLA violations, loss of business, reputational damage, and potential lawsuits. A well-planned migration avoids these pitfalls, keeping your operations smooth and uninterrupted.
  • Security gaps and risks. Organizations that delay their migration are at a competitive disadvantage compared to those that plan and execute efficiently. If a CRQC emerges before you are prepared for it, you may face security gaps that you will likely need help to close. For example, suppose you require quantum-safe updates from one of your IT vendors, but the vendor is not ready to provide them. This leaves your organization with unacceptable risk. Many products and devices might require specialized or tailor-made solutions to become quantum-safe, which can take time to develop and deploy.
  • Vendor chaos. Coordinating with vendors, suppliers, and customers is essential for a successful migration. Organizations need time to identify and coordinate with their vendors and service providers to ensure they have plans for quantum-safe versions of their products. Delays in vendor readiness necessitate changes to your migration plan and potentially lead to undesirable compromises. If current suppliers do not have a satisfactory quantum-safe roadmap, you will need time to vet and onboard alternative vendors. Implementing quantum-safe updates may require new talent with specialized skills, which takes time to source and train. Customers may also need updates to ensure continued compatibility with your products or services. Start early to coordinate with all parties involved and impacted.

Best Practices for Optimal Organizational Roadmap Alignment
A strategic, long-term migration plan allows organizations to gain efficiencies by aligning their quantum-safe efforts with other technological or business-related roadmap plans. Here are 3 best practices:

  1. Reconcile roadmap efforts. Reconcile Zero Trust migration plans with the PQC migration, planned changes to organizational structures, planned changes to vendors/suppliers, hardware/software refresh cycles, and so on. Discovering and addressing conflicts between different roadmaps can be beneficial. Doing so can avoid unnecessary costs and unexpected disruptions.
  2. Phased migration. Start now, but don’t rush! A phased migration approach allows organizations to amortize their migration costs. Preparing early enables the organization to make strategic changes to the migration plan as new information or technologies emerge.
  3. Incremental improvement. Incorporating lessons learned into the migration plan — and amending as you go — yields cost savings, security improvements, and other strategic benefits.

Starting your quantum-safe migration planning now is not just a precaution; it's a strategic imperative. The potential risks and costs associated with delayed or rushed migrations far outweigh the efforts required to begin planning today.

